基于请求关键词的应用层DDoS攻击检测方法

Abstract

Abstract: Today,the application-layer DDoS attacks may cause great harm to the security of the Internet．Existing detection methods lack the versatility,i.e.,an approach only focuses on one particular application-layer DDoS attack．In order to quickly and effectively identify several different application-layer DDoS attacks,this paper presented a detection method based on request keywords．In this method,the input is the number and frequency distribution distance of request keywords per unit time．Then,the hidden markov model is used to detect application-layer DDoS attacks．The experimental results show that the proposed method is valid to discover several different application-layer DDoS attacks with relatively high detection ratio and low false positive ratio.

Key words: DDoS attack,Request keyword,Hidden markov model,Application-layer

XIE Bai-lin,JIANG Sheng-yi and ZHANG Qian-sheng. Application-layer DDoS Attack Detection Based on Request Keywords[J].Computer Science, 2013, 40(7): 121-125.

References

[1] Worldwide Infrastructure Security Report 2010[EB/OL]．ht-tp://www.arbornetworks.com/report
[2] 孙长华,刘斌．分布式拒绝服务攻击研究新进展综述[J]．电子学报,2009,4(7):1562-1570
[3] 李金明,王汝传．基于VTP方法的DDoS攻击实时检测技术研究[J]．电子学报,2007,5(4):791-796
[4] 杨新宇,杨树森,李娟．基于非线性预处理网络流量预测方法的泛洪型DDoS攻击检测算法[J]．计算机学报,2011,4(2):395-405
[5] 谢柏林,余顺争,王宇．应用层异常检测方法研究[J].计算机科学,2009,36(4):21-24
[6] Xie Y,Yu F,Achan K,et al．Spamming Botnets:Signatures and Characteristics[J]．ACM SIGCOMM Computer Communication Review,2008,38(4):171-182
[7] Yu J,Fang C,Lu L,et al．A Lightweight Mechanism to Mitigate Application Layer DDoS Attacks[J]．Scalable Information Systems,2009,8:175-191
[8] Ranjan S,Swaminathan R,Uysal M,et al.DDoS-Shield:DDoS-resilient Scheduling to Counter Application Layer Attacks[J]．IEEE/ACM Transactions on Networking,2009,17(1):26-39
[9] 肖军,云晓春,张永铮．基于会话异常度模型的应用层分布式拒绝服务攻击过滤[J]．计算机学报,2010,3(9):1713-1724
[10] Xie Y,Yu S Z．Monitoring the Application-Layer DDoS Attacks for Popular Websites[J]．IEEE/ACM Transactions on Networking,2009,7(1):15-25
[11] Wen S,Jia W,Zhou W,et al．CALD:Surviving Various Application-Layer DDoS Attacks That Mimic Flash Crowd[C]∥The 4th International Conference on Network and System Security．2010:247-254
[12] Hakem B,Geert D．Trackling Application-layer DDoS Attacks[J]．Procedia Computer Science,2012,0:432-441
[13] Nagamalai D,Dhinakaran C,Lee J K．Novel Mechanism to Defend DDoS Attacks Caused by Spam[J]．International Journal of Smart Home,2007,1(2):83-95
[14] 谢柏林,余顺争．基于应用层协议关键词序列的应用层异常检测方法[J].计算机研究与发展,2011,48(1):159-168
[15] Wang K,Stolfo S J．Anomalous Payload-Based Network Intrusion Detection[C]∥The Seventh International Symposium on Recent Advances in Intrusion Detection．2004:203-222
[16] Rabiner L R．A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition[J]．Proceedings of the IEEE,1989,77(2):257-286
[17] DoSHTTP[EB/OL]:http://www.socketsoft.net/
[18] Mahoney M V,Chan P K．An Analysis of The 1999DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection[C]∥The Sixth International Symposium on Recent Advances in Intrusion Detection．2003:220-237

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed

Comments

Recommended 0

No Suggested Reading articles found!

Application-layer DDoS Attack Detection Based on Request Keywords

PDF (PC)

Abstract

Cite this article

share this article

References

Related Articles 0

Metrics

Comments

Recommended 0